Critical Flaws in AI Coding Tools Put Crypto at Risk
Blockchain security company SlowMist has issued an urgent warning about a critical vulnerability in AI-powered coding tools that could immediately compromise developer systems through simple project operations. The flaw affects common integrated development environments (IDEs) and poses particular risks for crypto developers, whose systems often store valuable digital assets and sensitive credentials.
AI coding assistant users face imminent danger when opening untrusted project directories, with several developers already having been compromised, according to SlowMist’s threat intelligence team. The vulnerability is triggered automatically when developers perform routine actions such as opening a malicious project and executes system commands on both Windows and macOS without requiring additional user interaction.
Cursor users are particularly vulnerable to the vulnerability, which cybersecurity firm HiddenLayer first documented in its investigation into the “CopyPasta license attack” in September. The exploit manipulates the way AI assistants interpret common developer files, including LICENSE.txt and README.md, by embedding malicious instructions in Markdown comments that are hidden from rendered views but help AI tools spread malware across entire codebases.
Rising Threats of AI-Powered Crypto Scams
According to Chainabuse data, AI-powered crypto scams increased 456% between May 2024 and April 2025, with 60% of scam wallet deposits now attributed to AI-powered schemes using deepfakes, voice clones, and automated bots that create fake identities and realistic conversations at scale. The paradox of ethical and unethical use of AI is becoming increasingly worrying, with AI systems discovering zero-day exploits worth millions.
Last month, an Anthropic study showed that AI agents successfully exploited 50% of smart contracts in its SCONE bench testing framework, generating $550.1 million worth of simulated attacks on 405 previously compromised contracts. Claude Opus 4.5 and GPT-5 discovered working exploits for 19 contracts deployed to their knowledge valued at $4.6 million, while both models found two zero-day vulnerabilities in live Binance Smart Chain contracts valued at $3,694 at an API cost of $3,476.
Nation-State Hackers and Crypto Theft
Nation-state hackers are using blockchain to spread malware, with North Korean threat actors escalating their attacks by embedding malware directly into blockchain smart contracts. Famous Chollima employees deployed malicious JavaScript modules that combined the BeaverTail and OtterCookie malware by conducting fake job interviews against crypto developers and distributing the code through an NPM package disguised as a chess application.
Google has documented that a North Korean group, UNC5342, has been embedding JADESNOW malware and INVISIBLEFERRET backdoors into smart contracts on the BNB Smart Chain and Ethereum since February, creating a decentralized command and control infrastructure that law enforcement cannot easily dismantle. These security threats continue to grow, even as crypto-related losses from hacks and cybersecurity exploits fell 60% to $76 million in December compared to $194.2 million in November, according to data from blockchain security firm PeckShield.
For more information, visit https://cryptonews.com/news/your-crypto-could-vanish-slowmist-reveals-critical-flaw-in-ai-coding-tools/
